Application Security Engineer

Yesterday

Description

• Report directly to the Director of Application Security.
• Perform manual web application penetration tests.
• Review / triage SAST and DAST scan results.
• Participate in application design discussions and threat modeling exercises.
• Advise development teams on common web application vulnerabilities such as OWASP Top 10.
• Write up, prioritize and track Jira tickets for identified issues, and work with developers to ensure the vulnerabilities are properly remediated.
• Work with Risk & Compliance teams on SOC 2, PCI-DSS, HIPAA, and other audits as needed.

Requirements

• Strong manual web application penetration testing skills.
• A deep understanding of web application vulnerabilities, their root causes, and remediation.
• The ability to review application source code as needed to triage SAST results and aid in manual code-assisted tests to identify security defects.
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
• Experience performing application threat modeling or software architecture reviews.
• Experience with information security frameworks & controls.
• Knowledge of NIST, ISO, SOC 2, PCI, and/or CIS Controls.
• Previous software development or application design experience.
• Experience securing cloud environments and performing AWS security configuration reviews.

Benefits

• Generous Flexible Time Off (FTO) Policy
• Up to 15 paid company holidays including some commemorating social justice events and self-care
• Paid volunteer time
• Resources for savings and investments
• Paid parental leave
• Paid sick leave
• Health, vision, dental, and life insurance with additional access to health and wellness programs.
• Opportunities to learn, develop, network, and connect
